Emulex Promises 100% Packet Capture at Low Cost

New capabilities and configurations claim to address data capture and security concerns at every enterprise budget.

Effective network monitoring and management demands thorough packet capture, particularly in high-stakes sectors like high frequency trading and telecommunications. A number of data capture solutions exist to help enterprise networking and security teams gather and analyze traffic data, but often come at a high cost. Emulex aims to address the cost issue, as well as the emerging challenges of virtualized and software defined environments, with the next generation of its EndaceDAG data capture card portfolio, announced last week.

EndaceDAG Data Capture Card specs

Emulex touts a number of features and capabilities for the new data capture cards. Among them are an 8-lane PCIe 3.0 interface for "nearly twice the transfer rage of PCIe 2.0/2.1 interfaces and 40GbE wire-speed data capture with the forthcoming 40GbE upgrade kit for the quad-port EndaceDAG card," according to a company statement. The cards will come in either dual-port or quad-port 10GbE configurations. Additionally, some of the cards will support the precision timing protocol (PTP) with a dedicated 1GbE port for accurate timestamping without sacrificing one of the 10GbE ports.

What this all adds up to, the company claims, is 100 percent packet capture with "industry-leading port density" compared to data capture cards without dedicated PTP ports. Another key differentiator is the accuracy of the timestamping, according to Mike Heumann, senior director of marketing for the Endace division of Emulex. The EndaceDAG cards timestamp "at the nanosecond level," Heumann said, observing that "this is critical when looking at traffic on a 10GHz link."

Different configurations for different budgets

One of the key selling points of the next-generation EndaceDAG cards will be the variety of configurations Emulex will offer: basic, standard, and premium, depending on the budget and needs of the customer. The basic configuration comes with a dual-port 10GbE card, supports 16 receive (RX) and 2 transmit (TX) streams and provides a maximum of 2GB of memory per stream, maxing out at 32GB. The standard configuration comes in either dual-port or quad-port 10GbE cards and adds PTP and proprietary NPB timing signal support and the ability to load balance across VLANs and MPLS. At the premium level, the dual-port and quad-port 10GbE cards come with support for a broader variety of protocols, more streams, more memory, and more load balancing and filtering capabilities.

Solving virtualization and software defined challenges

Emulex believes its data capture cards can solve emerging challenges in virtualized and software defined environments. When it comes to virtualization, virtual machine attribution can be a problem, Heumann said, for which "the combination of our new Emulex OneConnect Network Adapters and our EndaceDAG Data Capture Cards" is the solution. When it comes to SDN, the next-generation EndaceDAG cards will assist in "being able to 'de-encapsulate' traffic in virtual networks so that you can monitor things like Quality of Service (QoS) and Service Level Agreements (SLAs)," he said.

Endace Fusion Connector for Sourcefire Defense Center

Earlier this week at the RSA Conference, Emulex also announced its Endace Fusion Connector for Sourcefire Defense Center. The integration will allow "rapid response and root cause analysis, drastically reducing the time and operational overhead of packet data access," according to a vendor statement. Heumann added that the key issue this will address is "getting the specific traffic around an event to the analyst that has to address the event." The integration will provide drilldown capability so that "customers can quickly go from an event to specific traffic of interest without having to search across multiple machines," he explained.

For Emulex, the key drivers behind the Sourcefire integration were customer interest, the desire to have "an integration point with a leading IDS/persistent threat tool," and the increased opportunities created by Cisco's acquisition of Sourcefire last year.

For Sourcefire, meanwhile, the integration will "provide end users with a streamlined intrusion detection and identification workflow, removing ambiguity and optimizing efficiency in scenario where time to resolution is critical. By providing single-click access to the packet data underlying a potential intrusion, network staff can quickly identify suspect transactions and take the appropriate actions to shut them down," Douglas Hurd, director of technical alliances at Sourcefire, said in a statement.

Customers can download the Fusion Connector for Sourcefire free from the Sourcefire community downloads page.